[ubuntu/maverick] sun-java6 6.24-1build0.10.10.1 (Accepted)
Brian Thomason
brian.thomason at canonical.com
Mon Feb 21 22:50:50 UTC 2011
sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
sun-java6 (6.24-1) unstable; urgency=high
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
sun-java6 (6.23-1) unstable; urgency=low
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
Date: Mon, 21 Feb 2011 15:42:33 -0500
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/maverick/+source/sun-java6/6.24-1build0.10.10.1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 21 Feb 2011 15:42:33 -0500
Source: sun-java6
Binary: sun-java6-jre sun-java6-bin sun-java6-plugin ia32-sun-java6-bin ia32-sun-java6-plugin sun-java6-fonts sun-java6-jdk sun-java6-demo sun-java6-source sun-java6-javadb
Architecture: source
Version: 6.24-1build0.10.10.1
Distribution: maverick
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Brian Thomason <brian.thomason at canonical.com>
Description:
ia32-sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
ia32-sun-java6-plugin - The Java(TM) Plug-in, Java SE 6 (32-bit)
sun-java6-bin - Sun Java(TM) Runtime Environment (JRE) 6 (architecture dependent
sun-java6-demo - Sun Java(TM) Development Kit (JDK) 6 demos and examples
sun-java6-fonts - Lucida TrueType fonts (from the Sun JRE)
sun-java6-javadb - Java(TM) DB, Sun Microsystems' distribution of Apache Derby
sun-java6-jdk - Sun Java(TM) Development Kit (JDK) 6
sun-java6-jre - Sun Java(TM) Runtime Environment (JRE) 6 (architecture independen
sun-java6-plugin - The Java(TM) Plug-in, Java SE 6
sun-java6-source - Sun Java(TM) Development Kit (JDK) 6 source files
Closes: 607455
Changes:
sun-java6 (6.24-1build0.10.10.1) maverick; urgency=low
.
* Fake sync from Debian
* Changed Section prefix from non-free to partner as sun-java6 resides in
Canonical Partner archive as of Lucid
.
sun-java6 (6.24-1) unstable; urgency=high
.
* New upstream release
* Watch file added
* Homepage updated to http://jdk-distros.java.net/
* SECURITY UPDATE: multiple upstream vulnerabilities. Upstream fixes:
- (CVE-2010-4476): Java Runtime Environment hangs when converting
"2.2250738585072012e-308" to a binary floating-point number.
- (CVE-2010-4452): Oracle Java XGetSamplePtrFromSnd Remote Code
Execution Vulnerability
- (CVE-2010-4454): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4462): XGetSamplePtrFromSnd Remote Code Execution Vulnerability
- (CVE-2010-4463): Webstart Trusted JNLP Extension Remote Code Execution
Vulnerability
- (CVE-2010-4465): Swing timer-based security manager bypass
- (CVE-2010-4467): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4469): Hotspot backward jsr heap corruption
- (CVE-2010-4473): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4422): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4451): Vulnerability allows successful unauthenticated network
attacks via HTTP.
- (CVE-2010-4466): Runtime NTLM Authentication Information Leakage
Vulnerability
- (CVE-2010-4470): JAXP untrusted component state manipulation
- (CVE-2010-4471): Java2D font-related system property leak
- (CVE-2010-4447): Vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4475): vulnerability allows successful unauthenticated network
attacks via multiple protocols.
- (CVE-2010-4468): DNS cache poisoning by untrusted applets
- (CVE-2010-4450): Launcher incorrect processing of empty library path
entries
- (CVE-2010-4448): DNS cache poisoning by untrusted applets
- (CVE-2010-4472): Untrusted code allowed to replace DSIG/C14N
implementation
- (CVE-2010-4474): Easily exploitable vulnerability requiring logon to
Operating System.
.
sun-java6 (6.23-1) unstable; urgency=low
.
* New upstream release
* Add 'google-chrome' as Depends of sun-java6-plugin (Closes: #607455)
* Standards-Version updated to version 3.9.1
Checksums-Sha1:
e6f703457bad10d5dcdb7678e5f37a2893ea6f66 1714 sun-java6_6.24-1build0.10.10.1.dsc
becedfd61a7a227044ea163735b89b87fb304998 88320 sun-java6_6.24-1build0.10.10.1.debian.tar.gz
Checksums-Sha256:
3b747d88cb3324fcb246c96b0d40c8e929a85a3c98a4825cc25d281015639846 1714 sun-java6_6.24-1build0.10.10.1.dsc
1c04ba09375b7dbedeeeb5e53abdcd9e2401b89b5b670fb2c5f2a8bfcd44776b 88320 sun-java6_6.24-1build0.10.10.1.debian.tar.gz
Files:
1fc79f94411af7ab9d78c3cebb1367a9 1714 partner/java optional sun-java6_6.24-1build0.10.10.1.dsc
cf5870cc1dfd7672ab0d71a159070bf0 88320 partner/java optional sun-java6_6.24-1build0.10.10.1.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEUEARECAAYFAk1i3YsACgkQOb4zNfJqN5dG4wCWKYm0Gb8Q+KFv2ahXuXVRg4Aa
/QCfS4BDZAbCIQWOHb0M1dKubsapDpo=
=uuMB
-----END PGP SIGNATURE-----
More information about the Maverick-changes
mailing list